Example #1
 /**
  * Load the permission rows for a user and index them by URI.
  *
  * The user id is bound as a named placeholder, never concatenated into the SQL text.
  *
  * NOTE(review): a failed execute() yields an empty map. Whether an empty map is
  * treated as "deny everything" is decided by the caller; confirm it fails closed.
  *
  * @param User $user The user whose permission rows are read.
  *
  * @return array Map of URI => bool built from the can_access column; empty when the query fails.
  */
 public function getPermissionsArray(User $user)
 {
     $connection = Database::getConnection('read');
     $query = $connection->prepare('SELECT uri, can_access FROM permission WHERE user_id = :userId');
     $query->bindValue(':userId', $user->getId());

     // Guard clause: nothing to map when the statement did not run.
     if (!$query->execute()) {
         return [];
     }

     $accessByUri = [];
     foreach ($query->fetchAll(Database::FETCH_ASSOC) as $row) {
         $accessByUri[$row['uri']] = (bool) $row['can_access'];
     }

     return $accessByUri;
 }
Example #2
 /**
  * Report whether this item should be hidden.
  *
  * An item whose link the current user cannot access is always hidden; otherwise
  * the item's own hidden flag is returned.
  *
  * NOTE(review): this only decides visibility. Presumably the target route runs its
  * own access check; verify that hiding the link is not the only control.
  *
  * @return mixed true when access is denied, otherwise the value of $this->hidden.
  */
 public function isHidden()
 {
     $mayAccess = $this->user->canAccess($this->link);

     return $mayAccess ? $this->hidden : true;
 }
Example #3
 /**
  * Controller action for the "Add User" page.
  *
  * On GET it renders an empty user form. On POST it validates the form, rejects an
  * email address that already belongs to a user, stores the new user with a hashed
  * password, grants the user a permission row for '/', and redirects to /user.
  * On a validation failure or an exception the form is re-rendered with an error.
  */
 public function add()
 {
     $this->setTitle('Add User');
     $this->addBreadcrumb('Add User', '/user/add');
     if ($this->request->getMethod() == 'POST') {
         $form = $this->userForm($this->getParams());
         if ($form->validate()) {
             // Application-level uniqueness check. NOTE(review): this is check-then-save;
             // presumably the table also has a unique index on email. Confirm.
             if ($this->userStore->getByEmail($this->getParam('email'))) {
                 $error = 'This email address already belongs to a registered user.';
                 $form->getChild('fieldset')->getChild('email')->setError($error);
                 $this->view->form = $form->render();
                 return;
             }
             try {
                 $user = new User();
                 $params = $this->getParams();
                 // Only the password_hash() output is stored under 'hash'; the plaintext stays in
                 // $params['password'] and travels with $params into setValues() and the event below.
                 $params['hash'] = password_hash($params['password'], PASSWORD_DEFAULT);
                 // NOTE(review): the full request parameter array is handed to setValues(). If
                 // setValues() maps arbitrary keys onto setters, a posted field outside the form
                 // (an admin flag, for example) could be set here. Confirm it uses an allow-list.
                 $user->setValues($params);
                 $user->setDateAdded(new \DateTime());
                 $user = $this->userStore->save($user);
                 // Listeners receive both the saved user and the raw parameters; the list()
                 // below reads both back from $data after the event has been triggered.
                 $data = [$user, $params];
                 Event::trigger('userSaved', $data);
                 list($user, $params) = $data;
                 // Every new user gets an access grant for the root URI.
                 // NOTE(review): no transaction is visible here, so a failure in this save
                 // would leave a user row without its permission row.
                 $permission = new Permission();
                 $permission->setUserId($user->getId());
                 $permission->setCanAccess(true);
                 $permission->setUri('/');
                 $this->permissionStore->save($permission);
                 // NOTE(review): $params['name'] is user-supplied; confirm the message is
                 // HTML-escaped where it is rendered.
                 $this->successMessage($params['name'] . ' was added successfully.', true);
                 $this->redirect('/user');
             } catch (Exception $e) {
                 // NOTE(review): the exception is discarded without logging. If this file is
                 // namespaced and does not import Exception, this clause matches nothing.
                 $this->errorMessage('There was an error adding the user. Please try again.');
             }
         } else {
             $this->errorMessage('There was an error adding the user. Please try again.');
         }
         // Reached after a validation failure or a caught exception: show the form again.
         $this->view->form = $form->render();
     } else {
         $this->view->form = $this->userForm(array())->render();
     }
 }
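 /**
  * Complete a Google Identity sign-in.
  *
  * Verifies the posted ID token, requires that the token's email claim is verified
  * and matches the posted email, then signs in the matching user. When no user
  * exists and the email's domain is listed in the 'login_auto_create' setting, a new
  * account is created first.
  *
  * Every failure path redirects back to the login page; nothing is written to the
  * session unless the token has been verified.
  *
  * @return mixed The value returned by $this->redirect() (or by ->error() on it).
  */
 public function auth()
 {
     $email = $this->getParam('email', '');
     $token = $this->getParam('token', '');
     $failure = 'There was a problem signing you in, please try again.';

     $client = new \Google_Client();
     $client->setClientId(Setting::get('google-identity', 'client_id'));
     $client->setClientSecret(Setting::get('google-identity', 'client_secret'));
     $client->setRedirectUri($this->config->get('site.full_admin_url') . '/google-identity/auth');
     $client->setScopes('email');

     // A malformed, expired or wrongly signed token must end in the login page,
     // not in an uncaught exception or a method call on a non-object.
     try {
         $ticket = $client->verifyIdToken($token);
         $data = is_object($ticket) ? $ticket->getAttributes() : [];
     } catch (\Exception $e) {
         return $this->redirect('/session/login?logout=1')->error($failure);
     }

     $payload = (isset($data['payload']) && is_array($data['payload'])) ? $data['payload'] : [];

     // Strict comparison: the posted email must be exactly the address the token asserts.
     if (!is_string($email) || empty($payload['email']) || $payload['email'] !== $email) {
         return $this->redirect('/session/login?logout=1')->error($failure);
     }

     // The email claim is only trustworthy as an identity when Google marks it verified.
     $emailVerified = isset($payload['email_verified'])
         && filter_var($payload['email_verified'], FILTER_VALIDATE_BOOLEAN);
     if (!$emailVerified) {
         return $this->redirect('/session/login?logout=1')->error($failure);
     }

     $userStore = Store::get('User');
     $user = $userStore->getByEmail($email);
     if (is_null($user)) {
         // Trim the configured list and drop blank entries, so that an empty setting
         // allows no domain at all instead of matching an empty or missing domain.
         $setting = (string) Setting::get('google-identity', 'login_auto_create');
         $authDomains = array_filter(array_map('trim', explode(',', $setting)), 'strlen');
         $parts = explode('@', $email, 2);
         $domain = isset($parts[1]) ? $parts[1] : '';
         if ($domain === '' || !in_array($domain, $authDomains, true)) {
             return $this->redirect('/session/login?logout=1')->error('You do not have permission to sign in.');
         }

         // NOTE(review): every auto-created account is active and an administrator.
         // Confirm that all addresses in the allowed domains should get admin rights.
         $user = new User();
         $user->setActive(1);
         $user->setIsAdmin(1);
         $user->setDateAdded(new \DateTime());
         $user->setEmail($email);
         // Only the 'email' scope is requested, so the name claim may be absent.
         $user->setName(isset($payload['name']) ? $payload['name'] : $email);
         $user = $userStore->save($user);
     }

     // Rotate the session id at the privilege change so that an id known before
     // login cannot be reused afterwards (session fixation).
     if (session_status() === PHP_SESSION_ACTIVE) {
         session_regenerate_id(true);
     }
     $_SESSION['user_id'] = $user->getId();

     // NOTE(review): confirm 'previous_url' is only ever stored as a local path;
     // otherwise this is an open redirect after login.
     if (isset($_SESSION['previous_url'])) {
         return $this->redirect($_SESSION['previous_url']);
     }
     return $this->redirect('/');
 }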
Example #5
 /**
  * Set the user from a User model by storing that model's id.
  *
  * Only the id is passed on; the model itself is not kept by this method.
  *
  * @param \Octo\System\Model\User $value The user whose id is stored.
  *
  * @return mixed Whatever setUserId() returns.
  */
 public function setUserObject(\Octo\System\Model\User $value)
 {
     $userId = $value->getId();

     return $this->setUserId($userId);
 }